This page provides information about the privacy and data protection policy of the Autonomous Community of the Region of Murcia, which has been adapted to the “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter, GDPR) and to Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights.

This policy applies to the information collected through the Regional Administration Recognition of Units and Persons website.

The processing of personal data collected on this website and on CARM portals will be subject to current data protection legislation, the GDPR, and other applicable regulations. In this way, the privacy of users, as well as the confidentiality and security of their personal data, is guaranteed at all times.

CARM is committed to maintaining the highest confidentiality regarding the information provided and to using it solely for the purposes established in each case.

Responsibility for the processing of personal data

The responsibility for the processing of personal data lies with the data controller. This is the body or entity that determines the purposes and means of processing personal data. Within CARM, generally, the data controllers are the General Secretariats of the different Ministries and the General Directorates, as well as the Directors/Managers of Agencies. In the case of instrumental entities of the regional public sector with their own legal personality, the responsibility lies with the management of the entity.

Purposes and legal basis for processing personal data

n accordance with the GDPR, we inform you of the purpose for which personal data is collected and the legal basis for doing so. Both the purpose and the legal basis are recorded in the “Registry of Processing Activities of the Regional Public Administration" and are accessible to all.

The purpose of data processing will be in accordance with the activities of the Regional Administration. Information about the purpose will be included in the first- and second-level clauses shown when personal data is collected.

Data processing will be based on the conditions set out in Article 6 of the GDPR.

When the purpose of processing requires the consent of the data subject, it will be given through a clear affirmative action in which the individual expresses a free, specific, informed, and unambiguous willingness to accept the processing of personal data.

Communication of personal data

As a general rule, personal data will not be communicated to third parties, except when required by law. Any transfers or communications of data will be informed to the data subject through the information clauses shown when collecting personal data.

Retention of personal data

Personal data provided will be kept for the time necessary to fulfill the purpose for which it is collected, as well as to determine any possible responsibilities that may arise. In any case, the periods and deadlines established in the regulations on archives and documentation will be taken into account.

Rights of data subjects

Data subjects can exercise their rights of access, rectification, deletion, limitation of processing, objection, and data portability.

How to exercise your rights: by contacting the data controller electronically through the CARM Electronic Headquarters,or in person through the network of assistance offices for registration. You can download the request form from the CARM Electronic Headquarters (procedure 2736).

You may also contact the Data Protection Officer regarding matters related to the processing of your personal data and the exercise of your rights.

Additionally, you have the right to file a complaint with the Spanish Data Protection Agency: C/ Jorge Juan, 6, 28001 MADRID.

Security of personal data

In compliance with Article 32 of the GDPR, the Autonomous Community of the Region of Murcia will guarantee the confidentiality, integrity, availability, and permanent resilience of processing systems and services. The level of security will be proportional to the risk involved in processing each type of personal data.